```
+-----------------------------------------------------------------------------+
| [!] Legal disclaimer: Usage of this shit program for attacking targets      |
| without prior mutual consent is illegal.                                    |
| It is the end user's responsibility to obey all applicable local, state and |
| federal laws.                                                               |
| Developers assume no liability and are not responsible for any misuse or    |
| damage caused by this program                                               |
+-----------------------------------------------------------------------------+
```
This tool uses a few APIs to grab data from domains:
- Passive scan
- Active scan
- Search for related data in AWS and Pastebin

Someday, far away, I will write a pretty cool README, but not today, guys.

I drew some shit here; it is outdated anyway. I will update it after I finish some code stuff.
```bash
git clone https://github.com/d34dfr4m3/prettycool.git
cd prettyCool/install
sudo ./install.sh #and pray a while
```
Edit the file tools/report_maker.py and set the password:

```python
import pymysql


def createCon():
    # Connection to the local MySQL/MariaDB database used for reports; set the password
    # of the prettycool user here.
    connection = pymysql.connect(host='localhost',
                                 user='prettycool',
                                 password='',
                                 db='db_data',
                                 charset='utf8mb4',
                                 cursorclass=pymysql.cursors.DictCursor)
    return connection
```
Edit the file tools/db_controler.py and set the password:

```python
import pymysql


def createCon():
    # Same connection settings as tools/report_maker.py; set the same password here.
    connection = pymysql.connect(host='localhost',
                                 user='prettycool',
                                 password='',
                                 db='db_data',
                                 charset='utf8mb4',
                                 cursorclass=pymysql.cursors.DictCursor)
    return connection
```
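Both files above carry the same blank MySQL password, edited by hand in two places. As an added example (not the project's code), one shared helper that both tools could import: it reads the password from an environment variable and refuses to connect with an empty one. The variable names PRETTYCOOL_DB_PASSWORD and PRETTYCOOL_DB_HOST are assumptions.

```python
import os

# Hypothetical environment variable names (not part of the project).
DB_PASSWORD_ENV = "PRETTYCOOL_DB_PASSWORD"
DB_HOST_ENV = "PRETTYCOOL_DB_HOST"


def build_db_config(environ=None):
    """Build the keyword arguments for pymysql.connect().

    The password comes from the environment instead of being hardcoded in
    tools/report_maker.py and tools/db_controler.py, so both modules can share
    this helper and the credential never lands in git. `environ` is injectable
    so the check can be tested without touching the real environment.
    """
    environ = os.environ if environ is None else environ
    password = environ.get(DB_PASSWORD_ENV, "")
    if not password:
        raise RuntimeError(
            f"{DB_PASSWORD_ENV} is unset or empty; refusing to connect "
            "to MySQL with a blank password"
        )
    return {
        "host": environ.get(DB_HOST_ENV, "localhost"),
        "user": "prettycool",
        "password": password,
        "db": "db_data",
        "charset": "utf8mb4",
    }


def createCon():
    """Drop-in replacement for createCon() in both tool files."""
    import pymysql  # imported lazily so the config check runs without a DB driver

    cfg = build_db_config()
    return pymysql.connect(cursorclass=pymysql.cursors.DictCursor, **cfg)
```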
```
+-----------+--------------+
| cd_status | status_value |
+-----------+--------------+
|         1 | NOT STARTED  |
|         2 | STARTED      |
|         3 | FINISHED     |
|         4 | ERROR        |
|         5 | WAITING      |
|         6 | BURNED       |
|         7 | FINE         |
+-----------+--------------+
7 rows in set (0.001 sec)
```
API Endpoints

Censys: used to get the services running at hosts (https://censys.io). Docs: https://search.censys.io/api#/hosts/searchHosts
- (DISCOVERY/ENUM) /v2/hosts/search - Accepts queries for host or service attributes written in the Censys Search Language and returns a list of matching hosts with some summary fields (previews of the hosts matching the query): enumeration plus ports and services. DONE
- (DISCOVERY) /v2/hosts/{ip}/names - Returns host names for the specified IP address. DONE
- (ENUM) /v2/hosts/{ip} - Returns host information for the specified IP address, i.e. details of the available services such as banners, content, etc. DONE
Public API constraints and restrictions
- The Public API is limited to 500 requests per day and a rate of 4 requests per minute.
- The Public API must not be used in commercial products or services.
- The Public API must not be used in business workflows that do not contribute new files.
- You are not allowed to register multiple accounts to overcome the aforementioned limitations.
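To stay inside the quota above (500 requests per day, 4 per minute) without counting requests by hand, here is an added example of a sliding-window limiter a scanner can call before every API hit. It is not the project's code; the class name and the deque-based design are my own choices, and timestamps are passed in explicitly so the logic can be checked without sleeping.

```python
import time
from collections import deque

# Quota stated for the public API: 500 requests per day, 4 per minute.
PER_MINUTE = 4
PER_DAY = 500
MINUTE = 60.0
DAY = 86400.0


class PublicApiBudget:
    """Sliding-window limiter that keeps a scan inside both published limits."""

    def __init__(self, per_minute=PER_MINUTE, per_day=PER_DAY):
        self.per_minute = per_minute
        self.per_day = per_day
        self.minute_window = deque()  # request times within the last 60 s
        self.day_window = deque()     # request times within the last 24 h

    def _prune(self, now):
        # Drop timestamps that have fallen out of each window.
        while self.minute_window and now - self.minute_window[0] >= MINUTE:
            self.minute_window.popleft()
        while self.day_window and now - self.day_window[0] >= DAY:
            self.day_window.popleft()

    def wait_time(self, now):
        """Seconds until the next request fits both limits (0.0 means go now)."""
        self._prune(now)
        delay = 0.0
        if len(self.minute_window) >= self.per_minute:
            delay = max(delay, MINUTE - (now - self.minute_window[0]))
        if len(self.day_window) >= self.per_day:
            delay = max(delay, DAY - (now - self.day_window[0]))
        return delay

    def record(self, now):
        """Count one request made at monotonic time `now` (seconds)."""
        self.minute_window.append(now)
        self.day_window.append(now)

    def acquire(self):
        """Block until a request is allowed, then count it. Call before each API hit."""
        delay = self.wait_time(time.monotonic())
        if delay > 0:
            time.sleep(delay)
        self.record(time.monotonic())
```

The daily wait after the 500th request is close to a full day, so a scan that hits it should persist its state rather than sleep in the foreground.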
Endpoints

SecurityTrails: used to enumerate hosts from a domain and its subdomains (https://api.securitytrails.com).
- (INTEL) Company details - https://api.securitytrails.com/v1/company/{domain} - Docs: https://docs.securitytrails.com/reference/company-details - Returns details for a company domain. Custom subscription required.
- (INTEL) Company associated IPs - https://api.securitytrails.com/v1/company/{domain}/associated-ips - Docs: https://docs.securitytrails.com/reference/company-associated-ips - Returns associated IPs for a company domain. The result is neither paginated nor limited. The data is based on WHOIS data with the names matched to the domains. Custom subscription required.
- (ENUM) Domain details - https://api.securitytrails.com/v1/domain/{hostname} - Docs: https://docs.securitytrails.com/reference/domain-details - Returns the current data about the given hostname, together with the current statistics associated with each record. For example, for A records you get how many other hostnames have the same IP.
- OK (DISCOVERY) Subdomains - https://api.securitytrails.com/v1/domain/{hostname}/subdomains - Docs: https://docs.securitytrails.com/reference/domain-subdomains - Returns child and sibling subdomains for a given hostname. Limited to 2000 results for the Free plan and to 10000 for all paid subscriptions.
- (DISCOVERY/INTEL) WHOIS - https://api.securitytrails.com/v1/domain/{hostname}/whois - Docs: https://docs.securitytrails.com/reference/domain-whois - Returns the current WHOIS data about a given hostname with the stats merged together.
- (INTEL) Search - https://api.securitytrails.com/v1/domains/list - Docs: https://docs.securitytrails.com/reference/domain-search - Sample use cases: search for all hostnames that point to your IP address; search for phishing domains containing certain terms.
- (INTEL) Associated domains - https://api.securitytrails.com/v1/domain/{hostname}/associated - Docs: https://docs.securitytrails.com/reference/domain-associated-domains - Finds all domains related to the hostname you input. Limited to 10000 results.
- (INTEL) History DNS - https://api.securitytrails.com/v1/history/{hostname}/dns/{type} - Docs: https://docs.securitytrails.com/reference/history-dns - Lists specific historical information about the given hostname. In addition to fetching the historical data for a particular record type, a count statistic is returned, representing the number of that resource against current data (A records have an ip_count field, the number of records that share the same IP as that record). Results are sorted by first_seen descending. The number of results is not limited.
- (INTEL) History WHOIS - https://api.securitytrails.com/v1/history/{hostname}/whois - Docs: https://docs.securitytrails.com/reference/history-whois - Returns historical WHOIS information about the given domain. The number of results is not limited.
- (ENUM/INTEL) IPs neighbors - https://api.securitytrails.com/v1/ips/nearby/{ipaddress} - Docs: https://docs.securitytrails.com/reference/ips-neighbors - Returns the neighbors in any given IP-level range, letting you explore nearby IP addresses. It divides the range into 16 groups: a /28 is divided into 16 /32 blocks and a /24 into 16 /28 blocks.
```bash
#!/bin/bash
# Unauthenticated S3 write check: tries to upload the local file "data" to the
# bucket root and then to every top-level prefix (folder) found by listing it.
TARGET="$1"
if [ -z "$TARGET" ]; then
    echo "usage: $0 <bucket-name>" >&2
    exit 1
fi
echo "[-] s3://$TARGET/"
aws --no-sign-request s3 cp data "s3://$TARGET/"
# "aws s3 ls" prints "PRE <prefix>/" for folders and "<date> <time> <size> <key>"
# for objects; word-splitting that output and keeping only the tokens that
# contain "/" leaves the prefix names.
for S3_PATH in $(aws --no-sign-request s3 ls "s3://$TARGET"); do
    if [[ ! "$S3_PATH" == "PRE" ]]; then
        if [ "$(echo "$S3_PATH" | grep -c '/')" -eq 1 ]; then
            echo "[-] s3://$TARGET/$S3_PATH"
            aws --no-sign-request s3 cp data "s3://$TARGET/$S3_PATH"
        fi
    fi
done
```